PT-2025-41949 · Fortinet · FortiProxy

Published: 2025-10-14 · Updated: 2025-10-16 · CVE-2025-25255

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

FortiProxy versions 7.0.1 through 7.0.21
FortiProxy versions 7.2 all versions
FortiProxy versions 7.4 all versions
FortiProxy versions 7.6.0 through 7.6.3

Description

An improperly implemented security check may allow an authenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests. The issue relates to the explicit web proxy functionality.

Recommendations

Update FortiProxy to a version later than 7.0.21.
Update FortiProxy to a version later than 7.2.
Update FortiProxy to a version later than 7.4.
Update FortiProxy to a version later than 7.6.3.

Fix

Improperly Implemented Security Check for Standard

Weakness Enumeration

Related Identifiers

BDU:2025-14652
CVE-2025-25255

Affected Products

FortiProxy